Oracle Patch Ormandy’s Security Vulnerability

Oracle have released a patch for Java SE 6, which rectifies the
vulnerability in Java Web Start.

The vulnerability was first identified by Tavis Ormandy, who
filed a proof
of concept earlier this week. A few days afterwards, AVG
Technologies
reported they had identified an attack server that was
exploiting this vulnerability.

This patch, prevents a Java Network Launch Protocol file without
a codebase parameter from working. It can be downloaded now.